Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
```
$ python -m SimpleHTTPServer 8000
```

```python
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Copyright © 2018 seamus tuohy, <[email protected]>
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
```
```kusto
// STRONTIUM: Detecting new patterns in credential harvesting
// https://www.microsoft.com/security/blog/2020/09/10/strontium-detecting-new-patters-credential-harvesting/
// Microsoft Threat Protection (MTP) Query
// Thanks Microsoft for not providing your own plain text version! I loved writing this from an image.
IdentityLogonEvents
| where Timestamp > ago(30d)
| where ActionType == "LogonFailed"
| where IPAddress startswith "185.220.101."
    or IPAddress startswith "199.249.230."
    or IPAddress startswith "23.129.64."
    or IPAddress startswith "109.70.100."
    or IPAddress startswith "185.220.102."
| summarize authAttempts=dcount(Timestamp),
    firstAttempt=min(Timestamp),
    lastAttempt=max(Timestamp),
    uniqueIPs=dcount(IPAddress),
    uniqueAccounts=dcount(AccountObjectId),
    attemptedAccounts=make_set(AccountObjectId)
    by DeviceType, OSPlatform
| sort by uniqueAccounts
```
```
# ADVANCED HUNTING REFERENCES
# Kusto Queries
# - Query Language REFERENCE
# - https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/
# - Regular Expression in Kusto
# - https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/re2
# - Allowed Regular Expression Syntax for Kusto Queries
# - https://github.com/google/re2/wiki/Syntax
```
```python
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Copyright © 2020 seamus tuohy, <[email protected]>
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
```
```json
{
  "objects": [
    {
      "labels": [
        "source--eiq-fusion"
      ],
      "name": "EclecticIQ Fusion Center",
      "external_references": [
        {
          "source_name": "external-url",
```
```
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options]
"DontUpdateLinks"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options]
"DontUpdateLinks"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options]
"DontUpdateLinks"=dword:00000001
```
```dockerfile
# This file is part of Viper - https://github.com/viper-framework/viper
# See the file 'LICENSE' for copying permission.
#
FROM ubuntu:rolling
# FROM debian:buster
MAINTAINER Viper-Framework (https://github.com/viper-framework)
# Set Local
ENV LANG C.UTF-8
```
Auth and copy token at https://irc.gitter.im/.
Ignore the /PASS thing, it doesn't work in weechat.
```
/server add gitter irc.gitter.im -ssl -ssl_verify -ssl_dhkey_size=1024 -password=<REPLACE_WITH_YOUR_TOKEN>
/connect gitter
```
| Term | Description | Link(s) |
|---|---|---|
| Alias | Another email address that people can use to email | |
| App Password | An app password is a password that is created within the Azure portal and that allows the user to bypass MFA and continue to use their application. | |
| Alternate email address | Required for admins to receive important notifications, or resetting the admin password which cannot be modified by the end users | |
| AuditAdmin | | |
| AuditDelegate | | |
| Delegate | An account with assigned permissions to a mailbox. | |
| Display Name | Name that appears in the Address Book & on the TO and From lines on an email. | |
| EAC | "Exchange Admin Center" | |